equal
deleted
inserted
replaced
172 *except* that any changeset which writes to "dontwritethis" will be |
172 *except* that any changeset which writes to "dontwritethis" will be |
173 rejected. |
173 rejected. |
174 |
174 |
175 - For similar reasons, don't give "init" rules file conditions. |
175 - For similar reasons, don't give "init" rules file conditions. |
176 |
176 |
|
177 - Don't try to deny write access to a particular file on a particular |
|
178 branch - a developer can write to the file on another branch and then |
|
179 merge it in. Either deny all writes to the branch from that user, or |
|
180 allow them to write to all the files they can write to on any branch. |
|
181 In other words, something like this will have the intended effect |
|
182 |
|
183 write user=docs/* branch=docs file=docs/* |
|
184 |
|
185 But something like this will not have the intended effect; it will |
|
186 effectively allow these users to write to any file on any branch, by |
|
187 writing it to "docs" first: |
|
188 |
|
189 write user=docs/* branch=docs |
|
190 write user=docs/* file=docs/* |
|
191 read user=docs/* |
|
192 |
177 LOCKING YOURSELF OUT |
193 LOCKING YOURSELF OUT |
178 |
194 |
179 If you find yourself "locked out" - that is, that you no longer have |
195 If you find yourself "locked out" - that is, that you no longer have |
180 the permissions needed in hgadmin - you can break back in again if |
196 the permissions needed in hgadmin - you can break back in again if |
181 you're able to become the "hg" user on the repository host. Once you |
197 you're able to become the "hg" user on the repository host. Once you |